my $lockdir = "/run/lock/lxc";
mkdir $lockdir;
mkdir "/etc/pve/nodes/$nodename/lxc";
-my $MAX_MOUNT_POINTS = 10;
+my $MAX_MOUNT_POINTS = 256;
my $MAX_UNUSED_DISKS = $MAX_MOUNT_POINTS;
# BEGIN implemented abstract methods from PVE::AbstractConfig
sub __snapshot_rollback_vm_stop {
my ($class, $vmid) = @_;
- PVE::Tools::run_command(['/usr/bin/lxc-stop', '-n', $vmid, '--kill'])
+ PVE::LXC::vm_stop($vmid, 1)
if $class->__snapshot_check_running($vmid);
}
description => 'Enable user quotas inside the container (not supported with zfs subvolumes)',
optional => 1,
},
+ replicate => {
+ type => 'boolean',
+ description => 'Will include this volume to a storage replica job.',
+ optional => 1,
+ default => 1,
+ },
shared => {
type => 'boolean',
description => 'Mark this non-volume mount point as available on multiple nodes (see \'nodes\')',
optional => 1,
type => 'string',
description => "Lock/unlock the VM.",
- enum => [qw(migrate backup snapshot rollback)],
+ enum => [qw(mounted migrate backup snapshot rollback)],
},
onboot => {
optional => 1,
};
my $valid_lxc_conf_keys = {
+ 'lxc.apparmor.profile' => 1,
+ 'lxc.apparmor.allow_incomplete' => 1,
+ 'lxc.selinux.context' => 1,
'lxc.include' => 1,
'lxc.arch' => 1,
- 'lxc.utsname' => 1,
- 'lxc.haltsignal' => 1,
- 'lxc.rebootsignal' => 1,
- 'lxc.stopsignal' => 1,
- 'lxc.init_cmd' => 1,
- 'lxc.network.type' => 1,
- 'lxc.network.flags' => 1,
- 'lxc.network.link' => 1,
- 'lxc.network.mtu' => 1,
- 'lxc.network.name' => 1,
- 'lxc.network.hwaddr' => 1,
- 'lxc.network.ipv4' => 1,
- 'lxc.network.ipv4.gateway' => 1,
- 'lxc.network.ipv6' => 1,
- 'lxc.network.ipv6.gateway' => 1,
- 'lxc.network.script.up' => 1,
- 'lxc.network.script.down' => 1,
- 'lxc.pts' => 1,
+ 'lxc.uts.name' => 1,
+ 'lxc.signal.halt' => 1,
+ 'lxc.signal.reboot' => 1,
+ 'lxc.signal.stop' => 1,
+ 'lxc.init.cmd' => 1,
+ 'lxc.pty.max' => 1,
'lxc.console.logfile' => 1,
- 'lxc.console' => 1,
- 'lxc.tty' => 1,
- 'lxc.devttydir' => 1,
+ 'lxc.console.path' => 1,
+ 'lxc.tty.max' => 1,
+ 'lxc.devtty.dir' => 1,
'lxc.hook.autodev' => 1,
'lxc.autodev' => 1,
'lxc.kmsg' => 1,
- 'lxc.mount' => 1,
+ 'lxc.mount.fstab' => 1,
'lxc.mount.entry' => 1,
'lxc.mount.auto' => 1,
- 'lxc.rootfs' => 'lxc.rootfs is auto generated from rootfs',
+ 'lxc.rootfs.path' => 'lxc.rootfs.path is auto generated from rootfs',
'lxc.rootfs.mount' => 1,
'lxc.rootfs.options' => 'lxc.rootfs.options is not supported' .
', please use mount point options in the "rootfs" key',
# lxc.cgroup.*
+ # lxc.prlimit.*
'lxc.cap.drop' => 1,
'lxc.cap.keep' => 1,
- 'lxc.aa_profile' => 1,
- 'lxc.aa_allow_incomplete' => 1,
- 'lxc.se_context' => 1,
- 'lxc.seccomp' => 1,
- 'lxc.id_map' => 1,
+ 'lxc.seccomp.profile' => 1,
+ 'lxc.idmap' => 1,
'lxc.hook.pre-start' => 1,
'lxc.hook.pre-mount' => 1,
'lxc.hook.mount' => 1,
'lxc.hook.post-stop' => 1,
'lxc.hook.clone' => 1,
'lxc.hook.destroy' => 1,
- 'lxc.loglevel' => 1,
- 'lxc.logfile' => 1,
+ 'lxc.log.level' => 1,
+ 'lxc.log.file' => 1,
'lxc.start.auto' => 1,
'lxc.start.delay' => 1,
'lxc.start.order' => 1,
'lxc.environment' => 1,
};
+my $deprecated_lxc_conf_keys = {
+ # Deprecated (removed with lxc 3.0):
+ 'lxc.aa_profile' => 'lxc.apparmor.profile',
+ 'lxc.aa_allow_incomplete' => 'lxc.apparmor.allow_incomplete',
+ 'lxc.console' => 'lxc.console.path',
+ 'lxc.devttydir' => 'lxc.tty.dir',
+ 'lxc.haltsignal' => 'lxc.signal.halt',
+ 'lxc.rebootsignal' => 'lxc.signal.reboot',
+ 'lxc.stopsignal' => 'lxc.signal.stop',
+ 'lxc.id_map' => 'lxc.idmap',
+ 'lxc.init_cmd' => 'lxc.init.cmd',
+ 'lxc.loglevel' => 'lxc.log.level',
+ 'lxc.logfile' => 'lxc.log.file',
+ 'lxc.mount' => 'lxc.mount.fstab',
+ 'lxc.network.type' => 'lxc.net.INDEX.type',
+ 'lxc.network.flags' => 'lxc.net.INDEX.flags',
+ 'lxc.network.link' => 'lxc.net.INDEX.link',
+ 'lxc.network.mtu' => 'lxc.net.INDEX.mtu',
+ 'lxc.network.name' => 'lxc.net.INDEX.name',
+ 'lxc.network.hwaddr' => 'lxc.net.INDEX.hwaddr',
+ 'lxc.network.ipv4' => 'lxc.net.INDEX.ipv4.address',
+ 'lxc.network.ipv4.gateway' => 'lxc.net.INDEX.ipv4.gateway',
+ 'lxc.network.ipv6' => 'lxc.net.INDEX.ipv6.address',
+ 'lxc.network.ipv6.gateway' => 'lxc.net.INDEX.ipv6.gateway',
+ 'lxc.network.script.up' => 'lxc.net.INDEX.script.up',
+ 'lxc.network.script.down' => 'lxc.net.INDEX.script.down',
+ 'lxc.pts' => 'lxc.pty.max',
+ 'lxc.se_context' => 'lxc.selinux.context',
+ 'lxc.seccomp' => 'lxc.seccomp.profile',
+ 'lxc.tty' => 'lxc.tty.max',
+ 'lxc.utsname' => 'lxc.uts.name',
+};
+
+sub is_valid_lxc_conf_key {
+ my ($vmid, $key) = @_;
+ if ($key =~ /^lxc\.limit\./) {
+ warn "vm $vmid - $key: lxc.limit.* was renamed to lxc.prlimit.*\n";
+ return 1;
+ }
+ if (defined(my $new_name = $deprecated_lxc_conf_keys->{$key})) {
+ warn "vm $vmid - $key is deprecated and was renamed to $new_name\n";
+ return 1;
+ }
+ my $validity = $valid_lxc_conf_keys->{$key};
+ return $validity if defined($validity);
+ return 1 if $key =~ /^lxc\.cgroup\./ # allow all cgroup values
+ || $key =~ /^lxc\.prlimit\./ # allow all prlimits
+ || $key =~ /^lxc\.net\./; # allow custom network definitions
+ return 0;
+}
+
our $netconf_desc = {
type => {
type => 'string',
ip => {
type => 'string',
format => 'pve-ipv4-config',
- format_description => 'IPv4Format/CIDR',
+ format_description => '(IPv4/CIDR|dhcp|manual)',
description => 'IPv4 address in CIDR format.',
optional => 1,
},
ip6 => {
type => 'string',
format => 'pve-ipv6-config',
- format_description => 'IPv6Format/CIDR',
+ format_description => '(IPv6/CIDR|auto|dhcp|manual)',
description => 'IPv6 address in CIDR format.',
optional => 1,
},
if ($line =~ m/^(lxc\.[a-z0-9_\-\.]+)(:|\s*=)\s*(.*?)\s*$/) {
my $key = $1;
my $value = $3;
- my $validity = $valid_lxc_conf_keys->{$key} || 0;
- if ($validity eq 1 || $key =~ m/^lxc\.cgroup\./) {
+ my $validity = is_valid_lxc_conf_key($vmid, $key);
+ if ($validity eq 1) {
push @{$conf->{lxc}}, [$key, $value];
} elsif (my $errmsg = $validity) {
warn "vm $vmid - $key: $errmsg\n";
PVE::LXC::Config->write_config($vmid, $conf) if $running;
}
+ my $storecfg = PVE::Storage::config();
+
my $used_volids = {};
my $check_content_type = sub {
my ($mp) = @_;
my $sid = PVE::Storage::parse_volume_id($mp->{volume});
- my $scfg = PVE::Storage::config();
- my $storage_config = PVE::Storage::storage_config($scfg, $sid);
+ my $storage_config = PVE::Storage::storage_config($storecfg, $sid);
die "storage '$sid' does not allow content type 'rootdir' (Container)\n"
if !$storage_config->{content}->{rootdir};
};
+ my $rescan_volume = sub {
+ my ($mp) = @_;
+ eval {
+ $mp->{size} = PVE::Storage::volume_size_info($storecfg, $mp->{volume}, 5)
+ if !defined($mp->{size});
+ };
+ warn "Could not rescan volume size - $@\n" if $@;
+ };
+
foreach my $opt (keys %$param) {
my $value = $param->{$opt};
my $check_protection_msg = "can't update CT $vmid drive '$opt'";
$conf->{$opt} = $value;
PVE::LXC::write_cgroup_value("cpu", $vmid, "cpu.shares", $value);
} elsif ($opt eq 'description') {
- $conf->{$opt} = PVE::Tools::encode_text($value);
+ $conf->{$opt} = $value;
} elsif ($opt =~ m/^net(\d+)$/) {
my $netid = $1;
my $net = PVE::LXC::Config->parse_lxc_network($value);
if ($mp->{type} eq 'volume') {
&$check_content_type($mp);
$used_volids->{$mp->{volume}} = 1;
+ &$rescan_volume($mp);
+ $conf->{$opt} = PVE::LXC::Config->print_ct_mountpoint($mp);
+ } else {
+ $conf->{$opt} = $value;
}
- $conf->{$opt} = $value;
if (defined($old)) {
my $mp = PVE::LXC::Config->parse_ct_mountpoint($old);
if ($mp->{type} eq 'volume') {
next if $hotplug_error->($opt);
PVE::LXC::Config->check_protection($conf, $check_protection_msg);
my $old = $conf->{$opt};
- $conf->{$opt} = $value;
my $mp = PVE::LXC::Config->parse_ct_rootfs($value);
if ($mp->{type} eq 'volume') {
&$check_content_type($mp);
$used_volids->{$mp->{volume}} = 1;
+ &$rescan_volume($mp);
+ $conf->{$opt} = PVE::LXC::Config->print_ct_mountpoint($mp, 1);
+ } else {
+ $conf->{$opt} = $value;
}
if (defined($old)) {
my $mp = PVE::LXC::Config->parse_ct_rootfs($old);
} else {
die "implement me: $opt";
}
+
PVE::LXC::Config->write_config($vmid, $conf) if $running;
}
return 'volume';
}
-sub is_volume_in_use {
- my ($class, $config, $volid, $include_snapshots) = @_;
+my $is_volume_in_use = sub {
+ my ($class, $config, $volid) = @_;
my $used = 0;
$class->foreach_mountpoint($config, sub {
$used = $mountpoint->{type} eq 'volume' && $mountpoint->{volume} eq $volid;
});
- my $snapshots = $config->{snapshots};
- if ($include_snapshots && $snapshots) {
+ return $used;
+};
+
+sub is_volume_in_use_by_snapshots {
+ my ($class, $config, $volid) = @_;
+
+ if (my $snapshots = $config->{snapshots}) {
foreach my $snap (keys %$snapshots) {
- $used ||= $class->is_volume_in_use($snapshots->{$snap}, $volid);
+ return 1 if $is_volume_in_use->($class, $snapshots->{$snap}, $volid);
}
}
- return $used;
+ return 0;
+};
+
+sub is_volume_in_use {
+ my ($class, $config, $volid, $include_snapshots) = @_;
+ return 1 if $is_volume_in_use->($class, $config, $volid);
+ return 1 if $include_snapshots && $class->is_volume_in_use_by_snapshots($config, $volid);
+ return 0;
}
sub has_dev_console {
sub foreach_mountpoint_full {
my ($class, $conf, $reverse, $func, @param) = @_;
- foreach my $key ($class->mountpoint_names($reverse)) {
+ my $mps = [ grep { defined($conf->{$_}) } $class->mountpoint_names($reverse) ];
+ foreach my $key (@$mps) {
my $value = $conf->{$key};
- next if !defined($value);
my $mountpoint = $key eq 'rootfs' ? $class->parse_ct_rootfs($value, 1) : $class->parse_ct_mountpoint($value, 1);
next if !defined($mountpoint);
return $vollist;
}
-return 1;
+sub get_replicatable_volumes {
+ my ($class, $storecfg, $vmid, $conf, $cleanup, $noerr) = @_;
+
+ my $volhash = {};
+
+ my $test_volid = sub {
+ my ($volid, $mountpoint) = @_;
+
+ return if !$volid;
+
+ my $mptype = $mountpoint->{type};
+ my $replicate = $mountpoint->{replicate} // 1;
+
+ if ($mptype ne 'volume') {
+ # skip bindmounts if replicate = 0 even for cleanup,
+ # since bind mounts could not have been replicated ever
+ return if !$replicate;
+ die "unable to replicate mountpoint type '$mptype'\n";
+ }
+
+ my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, $noerr);
+ return if !$storeid;
+
+ my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
+ return if $scfg->{shared};
+
+ my ($path, $owner, $vtype) = PVE::Storage::path($storecfg, $volid);
+ return if !$owner || ($owner != $vmid);
+
+ die "unable to replicate volume '$volid', type '$vtype'\n" if $vtype ne 'images';
+
+ return if !$cleanup && !$replicate;
+
+ if (!PVE::Storage::volume_has_feature($storecfg, 'replicate', $volid)) {
+ return if $cleanup || $noerr;
+ die "missing replicate feature on volume '$volid'\n";
+ }
+
+ $volhash->{$volid} = 1;
+ };
+
+ $class->foreach_mountpoint($conf, sub {
+ my ($ms, $mountpoint) = @_;
+ $test_volid->($mountpoint->{volume}, $mountpoint);
+ });
+
+ foreach my $snapname (keys %{$conf->{snapshots}}) {
+ my $snap = $conf->{snapshots}->{$snapname};
+ $class->foreach_mountpoint($snap, sub {
+ my ($ms, $mountpoint) = @_;
+ $test_volid->($mountpoint->{volume}, $mountpoint);
+ });
+ }
+
+ # add 'unusedX' volumes to volhash
+ foreach my $key (keys %$conf) {
+ if ($key =~ m/^unused/) {
+ $test_volid->($conf->{$key}, { type => 'volume', replicate => 1 });
+ }
+ }
+
+ return $volhash;
+}
+
+1;
projects / pve-container.git / blobdiff